Search form

North Korean Hackers Are Scarier Than North Korean Nukes

Chinese technicians work at the Recovery Key Laboratory of Sichuan province in Chengdu, China on May 15, where anti-ransomware software was released to recover files encrypted by the international ''WannaCry'' cybersecurity attack, which may have been launched by North Korea. ImagineChina/AP

An epic catastrophe threatens to rain death and destruction across the world, but it’s not the danger most of us fear—not the missile that an overinflated autocratic North Korean might launch. If you want to get really terrified, think of this month’s global ransomware hack as a warmup for the kind of complete digital shutdown that might—and some say will—come.

This moment has echoes from 100 years ago. In 1918, the first mechanized world war seemed like the worst thing that had ever happened to humanity. It killed 17 million people in war zones. Starting just as World War I was ending, a Spanish flu pandemic raced around the planet, killing as many as 100 million people in every big city and small town. Nobody anywhere was safe from it, and nobody anticipated it.

A nuclear battle involving North Korea would be horrific—a modern equivalent of World War I. Yet a major cyberattack that completely disrupts everything digital would spin the world into a chaos that could spell the end of our society. We can’t imagine the toll because we’ve never seen such an attack. Former CIA Director Michael Hayden has compared it to our inability to understand the outcome of a nuclear bomb before one was dropped on Japan. Our mindset about cyberwar, Hayden said, “has the whiff of 1945. It’s a new class of weapon, never before used.”

How could a digital nuke possibly be worse than a real nuke? First, consider how we’re teeing up a disaster by moving every aspect of life and commerce online while having no way to completely protect those systems. It’s kind of like putting your family and all your possessions into a house that has hippie beads for a front door—in a high-crime area with no police force.

We’ve long relied on computers and software to run big systems like power grids, airports, banks, factories and the military. Now, we’re putting billions of Internet of Things devices into our homes, cars, streetlights, toys, clothes, pets and more. Those devices were the point of weakness that allowed hackers last fall to knock out major web outlets like PayPal and Spotify in the U.S. We’re doing most of our professional work these days on software and apps, talking with colleagues on Slack, shopping on Amazon, finding friends with benefits on Tinder. We’re on the brink of filling our roads with self-driving cars while robot drones zip overhead delivering pizza. All of it is connected, and all of it is vulnerable.

Meanwhile, cyberattacks keep intensifying, and security experts can’t stay ahead of the hackers. The latest, in mid-May, was the worst so far. The ransomware affected up to 99 countries. It froze hospitals in the U.K.; infected Russia’s Interior Ministry and biggest bank, Sberbank; shut down parts of Spain’s Telefónica; and fried millions of Windows computers in China and India. North Korea may have launched that attack, and lots of scary nations large and small are sponsoring increasingly sophisticated hacking operations. “We used to worry about Russia and China taking down our infrastructure,” said Stewart Baker, a former general counsel for the National Security Agency, in an interview for the Pew Research Center. “Now, we have to worry about Iran and Syria and North Korea. Next up: Hezbollah and Anonymous.”

The constant hacks have left us all with an amorphous sense of dread. We’re told that we have to protect ourselves with encryption and two-factor authentication, which is not heartening. It’s like being informed that you really ought to dig a moat around your house and line up archers on your roof because the Visigoths are coming, and no one can help you—so, good luck!

Yet securing your stuff will be worthless if a rogue nation or group launches an attack that cripples global digital networks. Just imagine how that would go. Let’s say you’re in a city. In a flash, you have no communication. Even if your laptop and cellphone still work, they can’t get to anything—not Gmail or WhatsApp or Facebook. President Donald Trump can’t even get on Twitter to call the attack “bad!”

You head outside and realize everything’s jammed because the traffic lights are off and public transportation can’t move. Airports ground all flights. Even satellites have been rendered useless—you can’t get on GPS to find your way.

Go to the store, and it will take only cash because the gadget to swipe cards won’t work. People empty the shelves, worried about supplies running out. The ATM won’t work, and your credit card is worthless without the technology behind it. You can’t even be sure whether your bank account has been hacked and cleaned out.

Now, you’re worried about food, water, safety. Power goes out because the utility’s systems crash. The police are in turmoil, overwhelmed and unable to communicate. Hospital systems go down. Patients in critical health relying on automated devices start dying. Financial markets freeze, and investors panic. The government can’t get information to people and may not be operating at all.

And this is happening in every city and every town in every country.

How long before people turn on one another? Before they break into houses that look rich and stocked with food? Before guns come out of drawers and safes? Before fires get started and mobs rage out of control? How bad does it get if systems are so damaged they can’t be turned on for weeks, months, years? It seems crazy, but such a scenario looks more plausible with every escalating cyberattack.

Maybe Kim Jong Un is really wily, and this whole missile thing is just sleight of hand. While Trump and other leaders focus on rockets, we can only hope Kim and his brainwashed 20-something nerds in a well-guarded military bunker haven’t developed their real weapon of mass destruction on a MacBook.